Security concepts to consider when using a computer

2015

M.I.S.T. Miguel Ángel Romero Ochoa

Universidad de Sonora

25-6-2015

SECURITY CONCEPTS TO CONSIDER WHEN USING THE

COMPUTER

Miguel Ángel Romero Ochoa Espacio educativo NTIC Universidad de Sonora

Traducción: Edna Mónica López Ceballos

“Security concepts to consider when using a computer” is licensed under a Creative Commons Attribution-NonCommercial-

NoDerivatives 4.0 International License.

INDEX

SECURITY CONCEPTS TO CONSIDER WHEN USING THE COMPUTER ............................ 3

SAFETY ON THE INTERNET ............................................................................ 4

Risks of web surfing ............................................................................................. 4

Adware .............................................................................................................. 4

Malware ............................................................................................................ 4

Phishing ............................................................................................................ 4

Spam ................................................................................................................ 4

Spyware ............................................................................................................ 4

Virus.................................................................................................................. 4

Hackers and crackers ....................................................................................... 5

Trojan ................................................................................................................ 5

PROTECTION SYSTEMS ............................................................................... 6

Local protection systems ...................................................................................... 6

Perimetric protection systems and safe navigation .............................................. 8

Parental control systems ...................................................................................... 9

TIPS TO MINIMIZE THE RISKS OF WEB SURFING .................................................... 9

Tips for safe navigation ........................................................................................ 9

Tips fo the safe use of email ................................................................................ 9

Tips for safe online shopping ............................................................................. 11

Safety suggestions in social networks ................................................................ 13

REFERENCES ..........................................................................................15





SECURITY CONCEPTS TO CONSIDER WHEN USING A COMPUTER

The feeling of anonymity, the need to relate to other people, the number of attainable

services available to young people, among others, are factors to keep in mind and

which require safety measures.

Evidently, the problem with security in data and information services has been a

concern since the very origins of these systems

While today it is almost impossible to consider computer equipment as an isolated

entity, if we consider the computer as an individual element there are only three

elements that we will have to emphasize to avoid safety gaps:

Impede local access to the system by undesirables.

Impede the contamination of the system from dangerous elements that could

damage or slow its performance, and which take advantage primarily of portable

storage systems (USB memory cards, SD cards, portable external hard drives)

and/or communication systems.

Avoid security gaps by keeping the computer system, its operating system and

the programs that we may use up to date.





SAFETY ON THE INTERNET

Safety on the Internet is a fundamental challenge in these

times. Access to the Web has generalized and with it the

risks and threats have increased. Youth that access the

Web from their houses and school are especially

vulnerable victims.

RISKS OF WEB SURFING

The security risks in computer equipment connected to the Internet can be classified

according to the target of the attack:

Adware: Malicious code that shows unsolicited advertisement in your computer.

Malware: Derived from Malicious softWare, it’s a general term that includes any type

of malware: “Trojans”, “worms”, “spyware”, “adware”, etc. that infiltrate a computer

without the user’s permission and which are designed to damage the computer, to

gather information or to allow the computer to be controlled and use it to send spam

(unwanted mail), etc.

Phishing: Some people’s attempt to pose as a business in order to deceive and

obtain personal information.

Spam (unwanted mail): Unsolicited mail that tries to sell you something. Also

known as junk mail.

Spyware: It’s a spy software that uses your connection to the Internet to gather

personal information without your consent or knowledge and sends it to the person

who wrote the spyware program. Just like adware, spyware is often installed when

‘freeware’ or ‘shareware’ programs are downloaded. The spyware can look at your

bank statement, personal information, etc. It is illegal and generalized.

Virus: A computer program that can duplicate and extend from one computer to

another.





Hackers and crackers: The individuals behind the attacks on security we’ve

described before are Hackers and Crackers. Hackers look for security gaps with the

purpose of exploiting them in order to gain access to seemingly secure systems. Not

to be confused with Crackers, whose main goal is to breach the system for criminal

purposes, Hackers, at least at their starting point, pursue the personal prestige that

stems from being capable of finding a way into highly protected systems.

Trojan: It is a malicious software that shows itself to the user as a seemingly

legitimate and harmless program but once it starts to run, it gives an attacker remote

access to the infected system. Trojans can do different tasks, but in the majority of

cases they allow remote administration (from the outside) of your computer to an

unauthorized user.

A Trojan isn’t a virus in itself, even when theoretically it can be distributed and work

as one. The main difference between a Trojan and a virus is its finality. For a program

to be a “Trojan” it only needs to access and control a remote computer without being

noticed, usually under a hidden appearance. On the contrary of a virus, which is a

destructive guest, the Trojan doesn’t necessarily damage anything because that’s

not its purpose.





PROTECTION SYSTEMS

LOCAL PROTECTION SYSTEMS

From the point of view of our computer protection, there are three basic aspects to

keep in mind, easy to implement and which will substantially better our security

experience:

1.- Keep the operating system and the installed software up to date

To avoid possible security gaps in the

system that derive from the weaknesses

mentioned before, it is key that we keep our

system and the installed software

permanently updated. To do so, nowadays,

the automatic update system in computer

equipment and operating systems makes that task easier for us since it detects

autonomously our systems’ configurations and the need to update, just as it happens

with the majority of the installed programs.

2.- Periodically change the password to access the system

Whatever method it may be, if a user obtains the access codes to a system, they will

have free rein to work with it without our consent.

To minimize the risks that derive from this, the system’s access code has to be

changed frequently, using for its configuration a length of at least 6 alphanumeric

characters mixing up capital with lower case

letters, numbers and symbols like %, & o $.

Evidently, we must avoid words with a common

significance and relation to our immediate

surroundings and not leave them within anyone’s

reach in the proximity of the computer.





There are many different ways of creating long and complex passwords. Here, we

give you some suggestions that may help you remember your password easily:

What to do Example

Begin with a phrase or two I must create a complex password

Erase the spaces Imustcreateacomplexpassword

Abbreviate words or intentionally misspell one of

them

ImstkrtACompxPswrd

Add numbers so the password will be longer. Add

numbers and symbols with personal significance at

the end of your password

ImstkrtACompxPswrd1508$90%

After creating your password, you can check how secure it is by using a password

security checker. Microsoft offers a tool to check how secure your password is.

Avoid putting up password with the following structure:

Sequences or repeated characters, such as 123456, abcde, among others.

Personal information: your name, date of birth, your initials, among others.

Since in today’s age it is habitual to have multiple usernames and passwords to

access not only the local equipment but to several websites as well, there are

programs that help us remember them, such as Password Genie, Splash Id,

RoboForm’s, KeePass, Norton Password Manager, among others.

In actuality, cryptographic card and, above all, the widespread use of electronic ID

allow the storing of digital certificates needed in the majority of websites (electronic

bank, administration services, etc.), increasing with it the security and privacy levels

that can be applied to the computer equipment and for Internet navigation.

https://www.microsoft.com/es-xl/security/pc-security/password-checker.aspx





3.- Install an antivirus and keep it updated

Antivirus programs permanently monitor

the system, looking for running or latent

malware in order to ID it, sound the alarm

and, if it were possible, clean the

equipment or at least try to isolate the

virus. There are several antivirus systems

from different enterprises and some free

solutions yet it is difficult to establish which

one from them all is the best given that

comparisons made by specialized magazines use very diverse evaluation

parameters and are not immune to these solution-exploiting companies’ influence.

PERIMETRIC PROTECTION SYSTEMS AND SAFE NAVIGATION

Installing a firewall is another effective way you can take to protect your computer

from threats. A firewall filters Internet traffic before it gets to a computer or private

net. It also offers additional protection against threats, like hackers and virus.

Moreover, a firewall guarantees the computer’s privacy as it restricts external access

to the computer from any unauthorized user.

Firewalls are based on access control lists that

determine which addresses and/or programs are

allowed Internet access (white lists) and which ones

are denied it (black lists).





PARENTAL CONTROL SYSTEMS

Based on aforementioned filtering systems, these are systems designed to

guarantee a safe experience for children, teens, and young adults. The same web

browsers (Internet Explorer, Firefox, Safari, etc.) provide their own parental control

system.

The control filters verify all information packets

that run through the web, analyzing them with

established security patterns and blocking them

in the case that they’re found to contain

unwanted information, according to the

boundaries marked by the administrators or the

people responsible for the systems.

TIPS FOR MINIMIZING THE RISKS OF WEB SURFING

TIPS FOR SAFE NAVIGATION

1. To stave off virus, download files from trusted sites only.

2. Download programs from their official websites to avoid spoofing.

3. With an antivirus, analyze everything you download before running it.

4. Keep your browser and operating system updated to protect them against the

latest threats.

5. Use URL analyzers as support to make sure a website can be trusted.

6. Delete from your browser your search history, cookies and temporary Internet

files.

7. Be careful with the passwords you save on your browser.

TIPS FOR THE SAFE USE OF EMAIL

1. Don’t trust emails from unknown senders; when in doubt, delete it.





2. Don’t open suspicious attachments from unknown senders or ones that you

didn’t ask for.

3. Use the antispam filter and mark the unwanted emails as junk mail.

4. Be careful with the password recovery mechanism, use a question that only

you know the answer to.

5. Analyze the attachments with an antivirus before running them in your system.

6. Deactivate the preview and HTML viewing on your email account to avoid any

malicious code that may be included in a message.

7. Don’t give out your email account to strangers.

8. Do not respond to fake massages or to chain mail to keep your email address

from being broadcast.

9. When you send or forward messages to multiple recipients use the hidden

carbon copy –CC or BCC- to introduce the addresses.





TIPS FOR SAFE ONLINE SHOPPING

1. Use websites you know: Start in a safe site instead of shopping using a search

browser

2. Look for the Padlock: Never buy anything online with your credit card in a

website that doesn’t have at least SSL encryption (secure sockets layer) installed.

You can tell when a website has SSL encryption because its URL will begin with

HTTPS:// (instead of just HTTP://). A locked padlock icon will appear, generally in

the status bar at the bottom of your web browser or just beside the URL in the

address bar.

3. Look for a third party’s seal of approval: Only companies can exhibit these

seals in their sites if they meet to a set of rigorous standards on, for example, how

personal information can be used. You must look for two seals.

If you find the seals, click on them to make

sure they take you to the organizations that

created them. Some unscrupulous sellers

exhibit these logos on their websites without

consent.

4. Don’t say everything: No online shop

needs your Social Security number or your birthday to do business. Give out the

least amount of information whenever possible.





5. Verify your bank statements: Go on the Internet frequently and search for the

bank statements for your credit and debit cards as well as your checking account. If

you see anything wrong, pick up the phone and immediately take care of the

problem.

6. Vaccinate your computer: You need to be protected

against malware with regular updates to your antivirus.

7. Use secure passwords: We want to strongly emphasize

that you make sure to use secure passwords, but even more

importantly, you want a secure password when dealing with banks or shopping

online.

8. Use mobile communications: There’s no need to worry more when shopping

with a mobile device than through the Internet. The trick is to use the applications

provided directly by the shops, like Amazon, Target, etc.

9. Avoid public computers and networks: Hopefully there’s no need to say that

shopping on a public computer is a bad idea, but we’ll do it anyways. If you do, just

remember to log out of your account every time you use a public computer, even if

it is just to check your email.

10. Privatize your Wi-Fi: If you choose to shop with your mobile computer, you’ll

need a wireless connection. Only use the wireless connection if it has access to the

Internet through a VPN (virtual private network) connection.

11. Careful with gift cards: Gift cards are the most asked-for present at parties and

this year won’t be the exception. Go for the provider when you buy one, as con men

like to sell empty or near-empty gift cards on sites like eBay.

12. Know what is too good to be true: In the majority of cases, skepticism is what

can save you from getting your card number stolen.





SECURITY TIPS ON SOCIAL NETWORKS

Social media websites like MySpace, Facebook, Twitter and Windows Live Spaces

are services that can be used by people to connect with others and share information

like photographs, videos and personal messages. As their popularity grows, so do

the risks of their use.

1. Be careful when clicking on links you’ve received in messages from your

friends on your social media website. Treat these links as you would do the links on

email messages.

2. Know what you’ve published about yourself. A common way hackers use to

access your bank or other types of accounts is clicking on the "Forgot your

password?" link on the account’s homepage. To gain entry to your account without

authorization, they look for the answers to your security questions, like your birthday,

the city you were born in, your high school graduating class or mother’s maiden

name.

3. Don’t trust that a message really comes from whom it says it does. Hackers

can go into people’s accounts unauthorized and send messages that look like they

were sent from friends but they’re not. If you have a hunch about a message being

bogus, use an alternate method to contact your friend and investigate.

4. To avoid giving email addresses to your friends, don’t allow social media

services to check your email address book. When you join a new social network,

it’s possible that you may receive an offer to introduce your email address and your

password to know if your contacts are on this website. The website may use this

information to send messages with that email address to everyone on your contacts

list or even to someone that at any one time you’ve sent an email to. Social media

websites should explain what they’ll do with the information you’ve provided, but

some don’t do it.

5. Type out on your browser your social media URL or use your personal

markers. If you click on a link to your social media through emails or other websites,





it is possible for you to enter your username and password on a fake site where your

information can be stolen.

6. Be selective when it comes to who you accept as a friend on a social media

platform. Identity thieves can create fake profiles to obtain information from you.

7. Carefully choose your social network. Evaluate the site you plan to use and

make sure you understand the privacy policy. Investigate if the site monitors the

content that people publish. You will give this site your personal information, so use

the same criteria that you would use when selecting a site that makes use of your

credit card.

8. Assume that everything you post on a social media site is permanent. Even

if you can erase your account, any person on the Internet can easily print photos or

text or save images and videos in a computer.

9. Be careful when installing additional functions on your social media site. A

lot of social media networks allow you to download applications from third parties

which let you do more with your personal website. To safely download and use third-

party applications, take the same safety precautions that you would when

downloading any other program or file from the Internet.





REFERENCES

Aspectos básicos del Internet y seguridad cibernética. Technology expertise, Access &

learning for all Texans. Recuperado de:

https://www.tsl.texas.gov/sites/default/files/public/tslac/u34/Internet%20y%20Seguridad%20Cibern%C3%A9tica.pdf

Seguridad en Internet. Recursos Tic. Recuperado de:

http://recursostic.educacion.es/observatorio/web/es/component/content/article/805-monografico-seguridad-en-internet

Cree contraseñas seguras. Microsoft. Recuperado de:

http://www.microsoft.com/es-xl/security/online-privacy/passwords-create.aspx

Cómo comprar en línea de forma más segura. Microsoft. Recuperado de:

http://www.microsoft.com/es-xl/security/online-privacy/online-shopping.aspx

https://www.tsl.texas.gov/sites/default/files/public/tslac/u34/Internet%20y%20Seguridad%20Cibern%C3%A9tica.pdf

http://recursostic.educacion.es/observatorio/web/es/component/content/article/805-monografico-seguridad-en-internet

http://www.microsoft.com/es-xl/security/online-privacy/passwords-create.aspx

http://www.microsoft.com/es-xl/security/online-privacy/online-shopping.aspx

Security concepts to consider when using a computer

Technology

Transcript of Security concepts to consider when using a computer